NETGEAR UTM5 Reference Manual page 127

ProSecure Unified Threat Management (UTM) Appliance
The steps to configure inbound rules are described in the following sections:
• Set LAN WAN Rules
• Set DMZ WAN Rules
• Set LAN DMZ Rules
Table 28. Inbound rules overview
Setting Description
Service The service or application to be covered by this rule. If the service or application does not
display in the list, you need to define it using the Services screen (see
(also referred to as
Services
Service Name)
Action The action for outgoing connections covered by this rule:
(also referred to as •
Filter)
•
Note:
rule.
Note:
is, you wish to allow a subset of traffic that is currently blocked by another rule. Similarly,
BLOCK rules are useful only if the traffic is already covered by an ALLOW rule. That is,
you wish to block a subset of traffic that is currently allowed by another rule.
Select Schedule The time schedule that is used by this rule. By default, there is no schedule assigned
(that is, None is selected from the Schedule drop-down), and the rule is in effect
permanently. For information about creating schedules, see
Allow Specific Traffic
Send to LAN Server The LAN server address determines which computer on your network is hosting this
service rule. (You can also translate this address to a port number.) The options are:
•
•
Send to DMZ Server The DMZ server address determines which computer on your network is hosting this
service rule. (You can also translate this address to a port number.)
Translate to Port If you want to assign the LAN server or DMZ server to a specific port, you can enable this
Number setting and specify a port number.
WAN Destination IP The setting that determines the destination IP address applicable to incoming traffic. This
Address is the public IP address that maps to the internal LAN server.
On the multiple WAN port models, it can be either the address of a WAN interface or
another public IP address (when you have a secondary WAN address configured)
the single WAN port models, it can be either the address of the single WAN interface or
another public IP address (when you have a secondary WAN address configured).
You also have the option to enter an address range. Enter the required addresses in the
Start and End fields to apply the rule to a range of devices.
on page 154).
BLOCK always
ALLOW always
Any inbound traffic that is not blocked by rules you create is allowed by the default
ALLOW rules are useful only if the traffic is already covered by a BLOCK rule. That
on page 168.
Single address. Enter the required address in the Start field to apply the rule to a
single device on your LAN.
Address range. Enter the required addresses in the Start and End fields to apply
the rule to a range of devices.
Firewall Protection
127
Add Customized
Set a Schedule to Block or
.
On